how to allow execution of bash scripts inside genode

Alexander Tormasov a.tormasov at
Thu Jan 13 16:12:43 CET 2022

Hi Johannes,
thank you for the clarification.

>> [init -> /bin/bash -> 12] Error: ROM-session creation failed (ram_quota=6144, cap_quota=3, label="/home/build/c")
>> [init -> /bin/bash -> 12] Error: Could not open ROM session for "/home/build/c"
>> [init -> /bin/bash -> 12] Warning: execve: executable binary inaccessible as ROM module
> The "Could not open ROM session for /home/build/c" indicates that there
> is something wrong with your session routing. There's a bit of guesswork
> involved here as to what your run script looks like, but I believe it is
> similar to Executable binaries must be provided as a ROM

Yes, close; only I have this part in the bash part:
            <service name="File_system"> <child name="vfs"/> </service>
            <service name="ROM" label_suffix=""> <parent/> </service>
            <service name="ROM" label_last="/bin/bash">           <child name="vfs_rom"/> </service>
            <service name="ROM" label_prefix="/genode/tool">      <child name="vfs_rom"/> </service>
            <service name="ROM" label_prefix="/bin">              <child name="vfs_rom"/> </service>
            <service name="ROM" label_prefix="/usr/bin">          <child name="vfs_rom"/> </service>
            <service name="ROM" label_prefix="/libexec">          <child name="vfs_rom"/> </service>
            <service name="ROM" label_prefix="/x86_64-pc-elf">    <child name="vfs_rom"/> </service>
            <service name="ROM" label_prefix="/arm-none-eabi">    <child name="vfs_rom"/> </service>
            <service name="ROM" label_prefix="/aarch64-none-elf"> <child name="vfs_rom"/> </service>

            <any-service> <parent/> <any-child/> </any-service>

> module. In other words, when executing "/home/build/c" the bash
> component tries to open a ROM session with label "/home/build/c". For
> this purpose, the contains the fs_rom component as a proxy
> between the vfs server and the bash component. When you look at the
> routing rules defined for the bash component, you see some routing
> rules for the ROM service. In, however, only session requests
> with labels "/bin/..." are routed to fs_rom. Have you tried adding a
> rule for "/home/build/…"?

Thank you, now it works, though it gives strange messages in the log:

[init -> /bin/bash -> 3] Warning: invalid executable binary format: /home/c
[init -> /bin/bash -> 3] Error: no plugin found for fcntl(255)

I initially assumed something similar to a problem with directory allowance/permissions - I even tried to copy my script to /bin or /usr/bin - and failed.
bash-4.4# echo > c echo ok
bash-4.4# ./c
bash-4.4# cp c /bin
(null): cannot create regular file '/bin/c': No such file or directory

If I want to allow writing to a particular directory, e.g. to /bin - where should I specify this?
In a separate policy, or can I add it to the following?
            <service name="ROM" label_prefix="/bin">              <child name="vfs_rom"/> </service>

